New evidence suggests that attackers planted data to frame an Indian priest who died in police custody—and that the hackers may have collaborated with law enforcement as he was investigated. The Russia-based ransomware gang Cuba abused legitimate Microsoft certificates to sign some of their malware, a method of falsely legitimatizing hacking tools that cybercriminals have particularly been relying on lately. And with the one-year anniversary of the Log4Shell vulnerability, researchers and security professionals reflected on the current state of open source supply-chain security, and what must be done to improve patch adoption. We also explored the confluence of factors and circumstances leading to radicalization and extremism in the United States. And Meta gave WIRED some insight into the difficulty of enabling users to recover their accounts when they get locked out—without allowing attackers to exploit those same mechanisms for account takeovers. But wait, there’s more! Each week, we highlight the security news we didn’t cover in depth ourselves. Click on the headlines below to read the full stories. Alexey Brayman, 35, was one of seven people named in a 16-count federal indictment this week in which they were accused of operating an international smuggling ring over the past five years, illegally exported restricted technology to Russia. Brayman was taken into custody on Tuesday and later released on a $150,000 bond, after being ordered to forfeit his passport and abide by a curfew. He is an Israeli citizen who was born in Ukraine. Brayman and his wife, Daria, live in Merrimack, New Hampshire, a small town where the two ran an online craft business out of their home. “They are the nicest family,” a delivery driver who regularly drops off packages at their home told The Boston Globe. “They’ll leave gift cards out around the holidays. And snacks.” The indictment alleges, though, that their house was a staging site for “millions of dollars in military and sensitive dual-use technologies from US manufacturers and vendors.” Two other suspects connected to the case have also been arrested in New Jersey and Estonia. A hacker breached the FBI information-sharing database InfraGard this week, compromising data from more than 80,000 members who share details and updates through the platform related to critical infrastructure in the United States. Some of the data is sensitive and pertains to national and digital security threats. Last weekend, the hacker posted samples of data stolen from the platform on a relatively new cybercriminal forum called Breached. They priced the database at $50,000 for the full contents. The hacker claims to have gained access to InfraGard by posing as the CEO of a finance company. The FBI said it was “aware of a potential false account associated with the InfraGard Portal and that it is actively looking into the matter.” Former Twitter employee Ahmad Abouammo was convicted in August of being paid to send user data to the Saudi Arabian government while working at the tech company. He was also found guilty of money laundering, wire fraud, and falsification of records. He has now been sentenced to 42 months in prison. Abouammo worked at Twitter from 2013 to 2015. “This case revealed that foreign governments will bribe insiders to obtain the user information that is collected and stored by our Silicon Valley social-media companies,” US attorney Stephanie Hinds said in a statement. “This sentence sends a message to insiders with access to user information to safeguard it, particularly from repressive regimes, or risk significant time in prison.” Earlier this year, whistleblower and former Twitter security chief Peiter Zatko alleged that Twitter has long had problems with foreign agents infiltrating the company. The situation has been of particular concern as new CEO Elon Musk massively overhauls the company and its workforce. In an effort to compromise Ukrainian government networks, hackers have been posting malicious Windows 10 installers on torrent sites used in Ukraine and Russia, according to researchers from the security firm Mandiant. The installers were set up with the Ukrainian language pack and were free to download. They deployed malware for reconnaissance, data gathering, and exfiltration. Mandiant said it could not definitively attribute the campaign to specific hackers, but that the targets overlap with those that have been attacked in past hacks by the Russian military intelligence agency GRU. Years after it was proved vulnerable and insecure, the US National Institute of Standards and Technology said on Thursday that the SHA-1 cryptographic algorithm should be removed from all software platforms by December 31, 2030. Developers should turn instead to algorithms with more robust security, namely SHA-2 and SHA-3. The “security hash algorithm,” or SHA, was developed by the National Security Agency and debuted in 1993. SHA-1 is a slightly modified replacement used since 1995. By 2005 it was clear that SHA-1 was “cryptographically broken,” but it remained in widespread use for years. NIST said this week, though, that attacks on SHA-1 “have become increasingly severe.” Developers have eight years to migrate away for any remaining uses of the algorithm. “Modules that still use SHA-1 after 2030 will not be permitted for purchase by the federal government,” NIST computer scientist Chris Celi said in a statement.